Estimated Reading Time: 4 Minutes
Although traditional fishing may spark images of serene landscapes and calm waters, phishing on the other hand most certainly does not! Phishing attempts can lead to data breaches and identity theft — a tidal wave of cybersecurity issues! This week, as part of Cybersecurity Awareness Month, we are providing you with a clear definition of phishing, tips to spot it, and ways to report it if you suspect an attempt. Remember – it’s easy to stay safe online and protect your identity if you are aware and armed with the right tools!
What is Phishing?
Phishing is a social engineering tactic cybercriminals use to trick you into providing them with your personal information, typically via clicking on a link they send you through emails, social media, or text messages. Phishing attempts can also infect your machine with malware and viruses that collect your information without you even knowing it's happening. And, if you take the bait, cybercriminals may then use that information to phish other people in your organization and networks. With one hook, they may end up stealing information from the entire sea!
How Common are Phishing Attacks?
Phishing attacks have become an increasingly common problem and are one of the top security concerns for individuals and organizations alike:
- During early 2022, more than half of phishing-related attacks were generated by social networks.
- In December 2021, phishing attacks had tripled from early 2020.
- During the COVID-19 pandemic, 62% of Microsoft’s security professionals said that reports of phishing attempts had increased more than any other type of threat.
- 82% of data breaches involved a human element and about two-thirds involved phishing, stolen credentials, and/or ransomware.
- 30% of small businesses consider phishing attacks to be their top cybersecurity concern.
- Nearly three out of four companies experienced a phishing attack in 2020.
It’s important for every individual to stop and think before clicking on a link or attachment in a message to avoid phishing attacks!
How Can I Spot a Phishing Attempt?
Some phishing attempts are easy to catch and avoid, others are not. Unfortunately, phishing attacks have become increasingly sophisticated and authentic-looking, with imposter scams being the second most reported fraud type to the FTC in 2021. As you wade through emails — even from known contacts — be on the lookout for the following:
- Urgent requests for you to take action and provide personal information
- Generic language that does not apply to you or something you have expressed interest in recently
- Offers that are “too good to be true” and promise unicorns and rainbows
- Email subjects that are either missing or alarmingly long and confusing
- Misspelled words throughout and improper use of terminology
- Unusual requests from a known contact
Remember, if an email or website looks or sounds fishy, it probably is!
What Should I Do if I Receive a Phishing Attempt?
If you suspect you have received a phishing attempt, here are some tips to help avoid the hook:
- Do NOT click on any link in the email (including the “unsubscribe” link) or respond to the attempt. Simply delete the email.
- Contact the real person or organization directly by opening a new window and typing in the person’s email or organization’s name. If it does turn out to be a phishing attempt, report it to the person/organization.
- Report the phishing attempt to your organization’s IT security office or manager.
- Block the address from sending you emails by following your email provider’s instructions (Gmail, Outlook, AOL, Yahoo!, Apple/Mac Mail).
- Report phishing attempts and suspicious behavior to your email provider (Gmail, Outlook, AOL, Yahoo!, Apple/Mac Mail).
- Review some best practices to stay safe online and update your security software and passwords.
Complimentary #BeCyberSmart Resources
If you do happen to fall prey to a phishing attack, Iris Powered by Generali can help you navigate the cybersecurity tidal wave and get back to safer waters.
This Cybersecurity Awareness Month, Iris is offering all consumers free use of our PC/Mac Health Check cyber protection service. You can see first-hand how easy it is to let cyber protection services work for you and others in your community. This offer is only valid October 1-31, so sign up for an appointment today.
Just like a fish can learn how to avoid capture, so can you! For more tips on how you can stay safe online and protect yourself from phishing attacks, check out our #BeCyberSmart blogs. Don’t forget to follow us on Twitter, LinkedIn, and Facebook, and check out our It’s Easy to Protect Your Identity & Stay Safe Online for even more cybersecurity and identity theft protection resources.